0

And this is my code, everything works good, everything is OK in my code. So I don't know what type should be my image table in database.

if(isset($_POST["title"]) && isset($_POST["content"]) && isset($_POST["order"])){
    $title = $_POST["title"];
    $content = $_POST["content"];
    $order = $_POST["order"];
    $image = $_FILES['image'] ;

    $title = addslashes($title);
    $content = addslashes($content);
    $order = (float)$order;
    $image = addslashes(file_get_contents($_FILES['image']['tmp_name'])) ;


    $sql = "INSERT INTO items (name,description,`price`, `image`) 
            VALUES ('$title','$content','$order', '{$image}')" ;

    mysqli_query($conn,$sql) or die('something wrong' . mysql_error());;
    echo mysqli_error($conn);

}

If you have any suggestions, please help, thank you

Arevshatyan Gegham
  • 121
  • 1
  • 2
  • 5
  • 1
    Are you asking about the datatype of `image` column? If it is, then the `image` column should be of `blob` datatype. – Rajdeep Paul Jun 28 '16 at 20:17
  • Could you copy the error message? – Krzysztof Duszczyk Jun 28 '16 at 20:17
  • 2
    for anything binary, use `blob`. and you are vulnerable to [sql injection attacks](http://bobby-tables.com). addslashes is utterly USELESS as a defense against this. you are also simply assuming that uploads never fail. there's a `['error']` parameter in $_FILES for a reason... – Marc B Jun 28 '16 at 20:18
  • You don't usually store images in the database directly. Rather you store a reference to an image stored in file storage on the server. However you could base 64 encode it if it is an absolute must. – Doug Jun 28 '16 at 20:18
  • @Rajdeep I used blob, but it didn't work. It shows me this kind of text, instead of image lampchka����JFIF���Photoshop 3.08BIM�gQ4trbs_60UhHSvm-ajn4(bFBMD01000a9c0d00005b5f0000bca800000eb70000abd0000072fb0000c463010056840100f499010047ba0100e36e0200���ICC_PROFILE�mntrRGB XYZ �$acsp���-)�=ޯ�U�xB��ʃ9 descDybXYZ�bTRC�dmdd ��gXYZ hgTRC�lumi |meas �$bkpt �rXYZ �rTRC�tech �vued ��wtptpcprt�7chad�,descsRGB – Arevshatyan Gegham Jun 28 '16 at 20:31
  • @Doug Why use base64? I think using a blob field as written in the first comment will work fine. – Jocelyn Jun 28 '16 at 20:35
  • @ArevshatyanGegham See this SO Q/A, [http://stackoverflow.com/q/20556773/5517143](http://stackoverflow.com/q/20556773/5517143) – Rajdeep Paul Jun 28 '16 at 20:36
  • 1
    Possible duplicate of [How to retrieve images from MySQL database and display in an html tag](http://stackoverflow.com/questions/7793009/how-to-retrieve-images-from-mysql-database-and-display-in-an-html-tag) – Jocelyn Jun 28 '16 at 20:38
  • 2
    **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST` or `$_GET` data directly into a query. `addslashes` **SHOULD NOT** be used for SQL escaping. I can't stress this enough. – tadman Jun 28 '16 at 20:48
  • It's also worth noting you're checking for errors from the wrong API. `mysql_error` is related to `mysql_query`. This is why using the object-oriented `mysqli` interface is better: [`$mysqli->error`](http://php.net/manual/en/mysqli.error.php) cannot be confused with the other API. – tadman Jun 28 '16 at 20:50

1 Answers1

0

just put the images into folder , and for the db's column, insert the name/id of the images, then you can call them in a simple code like in html, just like <img src="<?php $row['pathoftheimage'] /> ?>">,,,

J. Zend
  • 88
  • 7